Merge branch 'fix_ldap_access_request_temp' into 'master'

Temporary fix for #825 - LDAP sync converts access requests to members Interim fix for #825. It's a critical enough issue that we need the workaround for now and when the true fix comes we can remove the conditional. The spec will still be relevant, thankfully. See merge request !655

Merge branch 'fix_ldap_access_request_temp' into 'master'
Temporary fix for #825 - LDAP sync converts access requests to members Interim fix for #825. It's a critical enough issue that we need the workaround for now and when the true fix comes we can remove the conditional. The spec will still be relevant, thankfully. See merge request !655
ce06cc65 · Douwe Maan · 38f7f31a · 78f74c35 · ce06cc65 · ce06cc65
Commit ce06cc65 authored Aug 16, 2016 by Douwe Maan
Showing with 30 additions and 4 deletions

CHANGELOG-EE CHANGELOG-EE +1 -0

lib/ee/gitlab/ldap/sync/group.rb lib/ee/gitlab/ldap/sync/group.rb +12 -3

spec/lib/ee/gitlab/ldap/sync/group_spec.rb spec/lib/ee/gitlab/ldap/sync/group_spec.rb +17 -1

No files found.
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
@@ -4,6 +4,7 @@ v 8.11.0 (unreleased)
  - Allow projects to be moved between repository storages
  - Add rake task to remove old repository copies from repositories moved to another storage
  - Performance improvement of push rules
+  - Temporary fix for #825 - LDAP sync converts access requests to members. !655
  - Change LdapGroupSyncWorker to use new LDAP group sync classes
  - Removed unused GitLab GEO database index
  - Enable monitoring for ES classes

--- a/lib/ee/gitlab/ldap/sync/group.rb
+++ b/lib/ee/gitlab/ldap/sync/group.rb
@@ -124,9 +124,18 @@ module EE
            if access < ::Gitlab::Access::OWNER && group.last_owner?(user)
              warn_cannot_remove_last_owner(user, group)
            else
-              # If you pass the user object, instead of just user ID,
+              # Temporarily handle access requests until
-              # it saves an extra user database query.
+              # gitlab-org/gitlab-ee#825 is properly resolved.
-              group.add_users([user], access, skip_notification: true)
+              member = group.requesters.find_by(user_id: user.id)
+              if member.present?
+                member.access_level = access
+                member.requested_at = nil
+                member.save
+              else
+                # If you pass the user object, instead of just user ID,
+                # it saves an extra user database query.
+                group.add_users([user], access, skip_notification: true)
+              end
            end
          end

--- a/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+++ b/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
@@ -49,7 +49,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
            sync_group.update_permissions
-            expect(group.members).not_to include(user)
+            expect(group.members.pluck(:user_id)).not_to include(user.id)
          end
        end
@@ -59,6 +59,22 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
          expect(group.members.pluck(:user_id)).to include(user.id)
        end
+        it 'converts an existing membership access request to a real member' do
+          group.members.create(
+            user: user,
+            access_level: ::Gitlab::Access::MASTER,
+            requested_at: DateTime.now
+          )
+          # Validate that the user is properly created as a requester first.
+          expect(group.requesters.pluck(:user_id)).to include(user.id)
+          sync_group.update_permissions
+          expect(group.members.pluck(:user_id)).to include(user.id)
+          expect(group.members.find_by(user_id: user.id).access_level)
+            .to eq(::Gitlab::Access::DEVELOPER)
+        end
        it 'downgrades existing member access' do
          # Create user with higher access
          group.add_users([user],